Site-to-Site VPN Meraki MX behind NAT and Azure

Solved
Mateen
Getting noticed

Site-to-Site VPN Meraki MX behind NAT and Azure

Hei,

Does anyone know that if Meraki MX is behind NAT, is it possible to make VPN tunnel with Azure vpn-gw ? I am using beta firmware and activated ikev2 via support. Azure documentation says no. but is there any workaround ? portforwarding etc..

 

1 Accepted Solution
Nash
Kind of a big deal

Is it possible to put the 4G router into passthrough/bridge/whatever mode and slap the WAN IP directly on the MX?

View solution in original post

6 Replies 6
Nash
Kind of a big deal

Is the device in front of your MX using 500/4500 for anything?

 

If not, what happens when you setup port forwarding?

 

Alternately, would the vMX100 work for you?

Mateen
Getting noticed

Device in front is a 4 G router. I have tried port forwarding but tunnel is not coming online. vMX is not an option.
Nash
Kind of a big deal

Is it possible to put the 4G router into passthrough/bridge/whatever mode and slap the WAN IP directly on the MX?

Mateen
Getting noticed

Tried ipsec passthrough mode and a dmz mode which was the most open option on tp link mr400 4g router. In all settings the router gives a private ip to mx. Azure does not like that.

Nash
Kind of a big deal

Mm, no, no, it's not going to.

 

Is your provider on the 4G router doing carrier-grade NAT? If so, I don't think there's any way you're going to get around that. AutoVPN to a vMX could cope, but you've said that's not an option.

PhilipDAth
Kind of a big deal
Kind of a big deal

For 4G to work you would need a static IP from your carrier - and very few carriers will do that.

Get notified when there are additional replies to this discussion.